Re: Splunk scripted alert not taking the arguments...

ajaybguthi · ‎06-17-2013

Hi
Am trying to configure scripted alerts from Splunk. But Splunk is not taking the arguments that are being passed. seeing the below error in the log files.

Cannot find script at /usr/Splunk/bin/scripts/sendtobmc.sh $5 $0 $1 $2 $3

If i remove the arguments that are being passed ($5 $0 ...) to the script its running the script fine with no issues

Please let me know if am missing anything here.

Thanks
Ajay.

Gilberto_Castil · ‎06-17-2013

When you specify the script to run via SplunkWeb, you do not need to extropolate which variables are to be passed. Instead, the script can act as wrapper to handle ALL variables.

At this point, your script has the ability to use the variables.

# sendtobmc.sh
#! /bin/sh

bmcExec=/usr/bin/bmc/myBMCExec.sh
$bmcExec "$5" "$0" "$1" "$2" "$3"

# end of sendtobmc.sh

In essence the script is a handler or a wrapper to handle the output passed by the alert.

gc

JSapienza · ‎06-17-2013

That's because the variables for the arguments are not defined. Is your scripts expecting the 5 arguments ? Post your script.

Splunk scripted alert not taking the arguments/variables

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases